Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

FIDO and Adaptive Authentication

344 views

Published on

A look at trends in consumer authentication, including the growth of FIDO Authentication and how it complements adaptive authentication.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

FIDO and Adaptive Authentication

  1. 1. FIDO and Adaptive Authentication John Tolbert Lead Analyst KuppingerCole, Inc www.kuppingercole.com
  2. 2. Mobile Social Risk Adaptive Continuous Stronger Authentication Trends 10/5/2018© KuppingerCole 2
  3. 3. • SMS OTP (deprecated) • Mobile push notifications • Mobile apps • Global Platform TEE / SE • Secure Enclave for iOS • Mobile biometrics • Device native, such as TouchID, FaceID, Samsung Fingerprint • 3rd party, such as NokNok Labs, Daon, etc. • FIDO UAF and 2.0 Mobile Authentication 10/5/2018© KuppingerCole 3
  4. 4. Why mobile devices are important for MFA 4 FIDO
  5. 5. • Facebook, Google, Microsoft, LinkedIn, Twitter, et al • Based on open standards OpenID and OIDC • Can also be used for registration • Famed for Ease-of-use • Incorporates elements of risk adaptive and continuous authentication Social Logins 10/5/2018© KuppingerCole 5
  6. 6. Geo-location User attributes Geo-velocity User history Geo-fencing: IP addresses / ranges User on new device check Time of day / week Jailbreak or root check Device ID / fingerprint Known compromised credential check Device health assessment Fraud indicator check Known bad IP / network checks Factors that can be evaluated by risk adaptive authentication 10/5/2018© KuppingerCole 6
  7. 7. Risk adaptive authentication & FIDO 10/5/2018© KuppingerCole 7 FIDO
  8. 8. Risk Score 0 50 100 T1 T2 T3 T4 T5 T6 Risk variance across time Risk Score Continuous Authentication 10/5/2018© KuppingerCole 8 T1: Initial AuthN T2: No major environmental changes T3: Change of WiFI SSID T4: Location change T5: Normal behavior T6: Return to baseline
  9. 9. Identify criteria for evaluation and vendors to survey Invite vendors to participate Evaluate vendor responses Interview active customers Objective ratings Prepare report Leadership Compass Methodology 10/5/2018© KuppingerCole 9
  10. 10. Security Function- ality Usability Integration Interop Leadership Compass Components 10/5/2018© KuppingerCole 10
  11. 11. Innovation Market Position Financial Ecosystem Leadership Compass Components -- additional 10/5/2018© KuppingerCole 11
  12. 12. Product Leadership – functionality and completeness of vision Market Leadership – number and geographic distribution of customers, partners, and support ecosystem Innovation Leadership – delivering new and useful features at customer request Overall Leadership The Different Categories of Leadership 10/5/2018© KuppingerCole 12
  13. 13. • HID Global • IBM • OneSpan • RSA • SecureAuth + Core Security © KuppingerCole 13 • AdNovum • CA Technologies • Entrust Datacard • Ergon Informatik • Evidian • ForgeRock 10/5/2018 Vendors in Leadership Compass Adaptive AuthN (on-prem)
  14. 14. • Microsoft • Okta • One Identity • OneSpan • Ping Identity • Symantec • ThreatMetrix © KuppingerCole 14 • Centrify • Entrust Datacard • Gemalto • HID Global • ID Data Web • Iovation 10/5/2018 Vendors in Leadership Compass Cloud MFA
  15. 15. LC Adaptive Authentication Overall Leadership 10/5/2018© KuppingerCole 15
  16. 16. KuppingerCole Analysts AG Headquarters Wilhelmstraße 20-22 65185 Wiesbaden | Germany Tel +49 (211) 23 70 77 – 0 Fax +49 (211) 23 70 77 – 11 www.kuppingercole.com The Future of Information Security and Privacy – Today. sales@kuppingercole.com 10/5/2018© KuppingerCole

×